Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The cybersecurity company said it observed first exploitation attempts targeting an unnamed major Western government, with the activity intensifying on July 18 and 19, spanning government, telecommunications, and software

The Hacker News
Open in Source
#vulnerability#microsoft#zero_day#The Hacker News
Microsoft Fix Targets Attacks on SharePoint Zero-Day

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to breach U.S. federal and state agencies, universities, and energy companies.

Microsoft Rushes Emergency Patch for Actively Exploited SharePoint 'ToolShell' Bug

Malicious actors already have already pounced on the zero-day vulnerability, tracked as CVE-2025-53770, to compromise US government agencies and other businesses in ongoing and widespread attacks.

⚡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More

Even in well-secured environments, attackers are getting in—not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don’t depend on zero-days. They work by staying unnoticed—slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious now blends in, thanks to

A week in security (July 14 – July 20)

A list of topics we covered in the week of July 14 to July 20 of 2025

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations

A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3), a spoofing bug in Microsoft SharePoint Server that was addressed by the tech giant as part of its July 2025 Patch Tuesday

China’s Salt Typhoon Hackers Breached the US National Guard for Nearly a Year

Plus: Secret IRS data-sharing with ICE, a 20-year-old hackable vulnerability in train brakes, and more.

Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances. According to a report published by JPCERT/CC today, the threat actors behind the exploitation of CVE-2025-0282 and CVE-2025-22457 in intrusions observed between December 2024 and July

How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies

A new report traces the history of the early wave of Chinese hackers who became the backbone of the state's espionage apparatus.

Chrome fixes 6 security vulnerabilities. Get the update now!

Google has released an update for its Chrome browser to patch six security vulnerabilities including one zero-day.